Home > Mac administration, macOS, Management Profiles > Blocking Apple Account login access 2024-8-9 00:5:45 Author: derflounder.wordpress.com(查看原文) 阅读量:17 收藏
Home > Mac administration, macOS, Management Profiles > Blocking Apple Account login access in System Settings on macOS Sonoma
Blocking Apple Account login access in System Settings on macOS Sonoma
As part of a discussion in the Mac Admins Slack, a question came up about how to block Apple Account (also known as Apple ID) logins in System Settings. The scenario discussed was a computer lab, where the lab admin wanted to make sure that folks using the lab weren’t able to sign into their personal Apple Accounts on lab machines.
This is possible, though there is a side effect: Access to Internet Accounts in System Settings is likewise blocked. Unfortunately this seems to be a package deal as of this time; if you want to block Apple Account logins in System Settings, you also get access blocked to Internet Accounts. For more information, please see below the jump.
Blocking access to the Apple Account and Internet Accounts logins can be set using a profile like the one shown below:
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| <?xml version="1.0" encoding="UTF-8"?> | |
| <!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd"> | |
| <plist version="1"> | |
| <dict> | |
| <key>PayloadUUID</key> | |
| <string>F4A71741-6CA4-4FC9-BE78-66DB0D955A34</string> | |
| <key>PayloadType</key> | |
| <string>Configuration</string> | |
| <key>PayloadOrganization</key> | |
| <string>Company Name</string> | |
| <key>PayloadIdentifier</key> | |
| <string>F4A71741-6CA4-4FC9-BE78-66DB0D955A34</string> | |
| <key>PayloadDisplayName</key> | |
| <string>Block Apple Account and Internet Account Logins</string> | |
| <key>PayloadDescription</key> | |
| <string /> | |
| <key>PayloadVersion</key> | |
| <integer>1</integer> | |
| <key>PayloadEnabled</key> | |
| <true /> | |
| <key>PayloadRemovalDisallowed</key> | |
| <true /> | |
| <key>PayloadScope</key> | |
| <string>System</string> | |
| <key>PayloadContent</key> | |
| <array> | |
| <dict> | |
| <key>PayloadDisplayName</key> | |
| <string>Custom Settings</string> | |
| <key>PayloadIdentifier</key> | |
| <string>8BC9EF92-9BF0-41F3-B4F9-0A422E5FAC39</string> | |
| <key>PayloadOrganization</key> | |
| <string>Company Name</string> | |
| <key>PayloadType</key> | |
| <string>com.apple.ManagedClient.preferences</string> | |
| <key>PayloadUUID</key> | |
| <string>8BC9EF92-9BF0-41F3-B4F9-0A422E5FAC39</string> | |
| <key>PayloadVersion</key> | |
| <integer>1</integer> | |
| <key>PayloadContent</key> | |
| <dict> | |
| <key>com.apple.applicationaccess</key> | |
| <dict> | |
| <key>Forced</key> | |
| <array> | |
| <dict> | |
| <key>mcx_preference_settings</key> | |
| <dict> | |
| <key>allowAccountModification</key> | |
| <false /> | |
| </dict> | |
| </dict> | |
| </array> | |
| </dict> | |
| </dict> | |
| </dict> | |
| </array> | |
| </dict> | |
| </plist> |
When installed, the profile should look similar to what’s shown below.
The Apple ID / Apple Account settings in System Settings will be accessible, but you won’t be able to sign in.
As of macOS Sonoma 14.6.1, there should be a message that account changes are restricted by a profile. Since account changes would include logging in, that’s blocked.
The Internet Accounts settings in System Settings are likewise accessible but the Add Account… button is grayed out and not functional.
如有侵权请联系:admin#unsafe.sh